The recommended and supported way to achieve that requirement (session validation and token renewal) would be to leverage the renewAuth method as it can simplify the process and also comes with formal support.

I tried to reproduce the issue, but failed to do so using the renewAuth approach. The Angular quickstart has a specific step dedicated to this so you may also to follow that.

In addition, have in mind that if you’re using social authentication you need to ensure that you’re using your own client application information. Using the default Auth0 Dev social keys will have the side-effect of preventing SSO to work as expected; this is noted in the Angular step mentioned above and also on the reference docs about limitations of Dev keys.